Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/6ERuBYpce4eNog3FAJM62rT4mIE.roa
File:                     6ERuBYpce4eNog3FAJM62rT4mIE.roa (raw, json)
Hash identifier:          DfCswzs/om8d7SY5MKx+5ssfwWigU3Le7yufSUWQkj0=
Subject key identifier:   E8:44:6E:05:8A:5C:7B:87:8D:A2:0D:C5:00:93:3A:DA:B4:F8:98:81
Certificate issuer:       /CN=a2d952245bb34e40cdab5d4b090143c0d8581390
Certificate serial:       018CC50135D29E81591153AEECAADC94BB80
Authority key identifier: A2:D9:52:24:5B:B3:4E:40:CD:AB:5D:4B:09:01:43:C0:D8:58:13:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/otlSJFuzTkDNq11LCQFDwNhYE5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/6ERuBYpce4eNog3FAJM62rT4mIE.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        2a0c:4144:200::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/otlSJFuzTkDNq11LCQFDwNhYE5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/otlSJFuzTkDNq11LCQFDwNhYE5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/otlSJFuzTkDNq11LCQFDwNhYE5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:35:d2:9e:81:59:11:53:ae:ec:aa:dc:94:bb:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2d952245bb34e40cdab5d4b090143c0d8581390
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8446e058a5c7b878da20dc500933adab4f89881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0b:0b:6c:e5:c9:31:2d:c0:47:71:6a:98:e8:
                    e2:ae:c6:a5:66:3a:11:79:3a:dd:d7:e7:88:d1:74:
                    0c:af:85:ea:de:9c:04:62:86:04:84:83:f4:4e:a9:
                    3f:de:c6:54:e9:1b:b9:b5:de:4d:c5:69:db:10:4e:
                    7e:39:9f:70:54:09:44:59:b3:2c:9c:57:c5:42:f9:
                    18:35:cd:55:63:80:b6:5a:75:ec:21:67:16:96:44:
                    ae:c3:82:b7:e6:d9:2b:9e:9b:f0:e2:c3:9c:c4:93:
                    27:ed:0c:c8:0a:d0:97:b6:47:a3:78:30:7e:8c:cd:
                    11:09:41:15:96:22:76:dd:fc:c2:34:96:8b:6c:ab:
                    60:5e:16:c0:12:35:11:fc:bb:0a:ee:82:0b:1f:8a:
                    26:5f:3b:e8:11:77:88:6d:c0:ce:67:89:70:c9:0b:
                    e2:e7:79:0b:6c:46:38:8f:af:76:52:61:8d:bf:39:
                    f2:be:5d:80:14:26:7c:37:de:e0:e2:f3:83:b6:b5:
                    57:94:5c:16:c2:9a:19:f8:83:62:d3:b3:56:2d:24:
                    a5:3f:78:e2:60:25:38:87:96:93:2b:14:e9:33:76:
                    d6:e8:6b:77:fb:97:d7:1e:92:b2:07:85:4e:5b:87:
                    33:bc:6b:18:a3:ef:9f:65:c1:a9:10:05:d7:83:32:
                    cd:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:44:6E:05:8A:5C:7B:87:8D:A2:0D:C5:00:93:3A:DA:B4:F8:98:81
            X509v3 Authority Key Identifier:
                keyid:A2:D9:52:24:5B:B3:4E:40:CD:AB:5D:4B:09:01:43:C0:D8:58:13:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/otlSJFuzTkDNq11LCQFDwNhYE5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/6ERuBYpce4eNog3FAJM62rT4mIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/4b1a80-4e5f-49e7-b502-a22ffee4a515/1/otlSJFuzTkDNq11LCQFDwNhYE5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4144:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:49:9f:a5:06:20:f2:d5:be:40:6b:f5:e5:be:0e:1f:a0:d1:
         d1:19:41:e3:30:49:fb:24:dd:aa:b4:26:75:35:7c:80:bb:78:
         92:49:96:bf:83:0b:fe:84:d5:59:c5:bb:4e:f2:d3:0f:4f:31:
         a1:9e:d9:15:ac:5c:1a:ff:64:66:2e:0c:17:ed:af:ff:43:12:
         76:1d:61:90:99:6a:a3:00:3b:05:61:d7:75:1c:c7:e1:1d:b1:
         19:81:b9:bb:1f:ce:34:b0:7a:0e:b5:39:96:b6:3c:d6:04:fc:
         50:7a:9a:1a:cc:01:42:15:d5:38:89:5b:4b:59:60:4e:ce:b9:
         ee:1c:44:73:aa:68:67:ff:84:93:5e:56:93:cb:5a:81:37:1b:
         3f:68:b1:92:8e:9f:5c:08:f6:5e:70:aa:c7:56:86:81:bd:40:
         87:d1:53:46:5c:0f:f7:2d:e3:2e:25:4d:3b:f4:94:30:11:72:
         1d:75:9b:e7:d3:4d:0a:8a:bb:cb:2a:1f:da:1b:f8:64:4a:9a:
         0c:1c:57:60:51:5a:b5:d6:9e:4d:d3:4b:26:45:a2:43:f9:be:
         12:98:82:a2:bd:95:0d:9e:b9:d6:61:2f:4f:fa:78:2d:67:92:
         20:1e:61:87:7a:19:74:9b:61:e0:94:a6:68:7a:7a:78:bf:8c:
         b0:5e:db:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFATXSnoFZEVOu7KrclLuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZDk1MjI0NWJiMzRlNDBjZGFiNWQ0YjA5MDE0M2MwZDg1
ODEzOTAwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQ0NmUwNThhNWM3Yjg3OGRhMjBkYzUwMDkzM2FkYWI0Zjg5ODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAsLbOXJMS3AR3FqmOjirsalZjoR
eTrd1+eI0XQMr4Xq3pwEYoYEhIP0Tqk/3sZU6Ru5td5NxWnbEE5+OZ9wVAlEWbMs
nFfFQvkYNc1VY4C2WnXsIWcWlkSuw4K35tkrnpvw4sOcxJMn7QzICtCXtkejeDB+
jM0RCUEVliJ23fzCNJaLbKtgXhbAEjUR/LsK7oILH4omXzvoEXeIbcDOZ4lwyQvi
53kLbEY4j692UmGNvznyvl2AFCZ8N97g4vODtrVXlFwWwpoZ+INi07NWLSSlP3ji
YCU4h5aTKxTpM3bW6Gt3+5fXHpKyB4VOW4czvGsYo++fZcGpEAXXgzLNkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOhEbgWKXHuHjaINxQCTOtq0+JiBMB8GA1UdIwQY
MBaAFKLZUiRbs05AzatdSwkBQ8DYWBOQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3RsU0pGdXpUa0ROcTExTENRRkR3TmhZRTVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC80YjFhODAtNGU1Zi00OWU3LWI1MDIt
YTIyZmZlZTRhNTE1LzEvNkVSdUJZcGNlNGVOb2czRkFKTTYyclQ0bUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC80YjFhODAtNGU1Zi00OWU3LWI1MDItYTIyZmZlZTRhNTE1
LzEvb3RsU0pGdXpUa0ROcTExTENRRkR3TmhZRTVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgxBRAIA
MA0GCSqGSIb3DQEBCwUAA4IBAQAVSZ+lBiDy1b5Aa/Xlvg4foNHRGUHjMEn7JN2q
tCZ1NXyAu3iSSZa/gwv+hNVZxbtO8tMPTzGhntkVrFwa/2RmLgwX7a//QxJ2HWGQ
mWqjADsFYdd1HMfhHbEZgbm7H840sHoOtTmWtjzWBPxQepoazAFCFdU4iVtLWWBO
zrnuHERzqmhn/4STXlaTy1qBNxs/aLGSjp9cCPZecKrHVoaBvUCH0VNGXA/3LeMu
JU079JQwEXIddZvn000KirvLKh/aG/hkSpoMHFdgUVq11p5N00smRaJD+b4SmIKi
vZUNnrnWYS9P+ngtZ5IgHmGHehl0m2HglKZoenp4v4ywXtus
-----END CERTIFICATE-----